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ABSTRACT 

Zero-knowledge proof (ZKP) plays an important role in authentication without revealing secret 
information. Diffie-Hellman (D-H) key exchange algorithm was developed to exchange secret keys 
through unprotected channels. Previously we have Diffie-hellmen key exchange algorithm. It has 
some security attacks like man in the middle attack to overcome this attack by using zero 
knowledge proof concepts. In Diffie Hellman algorithm we had generated one key. That key we 
have to use in des encryption and decryption .this paper is implemented in Xilinx 13.2 version and 
verified using Spartan 3e kit. 

Keywords: Diffie-hellmen key exchange, des encryption, decryption. 



1. Introduction 

Cryptography prior to the modern age was 
effectively synonymous with encryption, the 
conversion of information from a readable state 
to apparent nonsense. The originator of an 
encrypted message shared the decoding 
technique needed to recover the original 
information only with intended recipients, 
thereby precluding unwanted persons to do the 
same. Since World War I and the advent of the 
computer, the methods used to carry out 
cryptology have become increasingly complex 
and its application more widespread. Modern 
cryptography is heavily based on mathematical 
theory and computer science practice; 
cryptographic algorithms are designed around 
computational hardness assumptions, making 
such algorithms hard to break in practice by any 
adversary. It is theoretically possible to break 
such a system, but it is infeasible to do so by any 
known practical means. These schemes are 
therefore termed computationally secure; 
theoretical advances, e.g., improvements in 



integer factorization algorithms, and faster 
computing technology require these solutions to 
be continually adapted. There exist information- 
theoretically secure schemes that provably 
cannot be broken even with unlimited 
computing power an example is the pad but 
these schemes are more difficult to implement 
than the best theoretically breakable but 
computationally secure mechanisms. 

Encryption is the process by which meaningful 
data, such as a file, is transformed into 
meaningless data that cannot be read without 
decrypting the data back into its meaningful 
form. In the vast majority of applications in 
which encryption is used, only one or very few 
people (or computers) have the knowledge and 
ability to decrypt the Encrypted data and make 
it useful again. An encrypted file or data stream 
looks like a jumble of random letters, numbers, 
and other characters, and it is impossible to 
make sense of encrypted data without 
transforming it back into its original form. To 
perform this transformation, we need to know 
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the cipher that was used to encrypt the data. A 
cipher is a set of logical instructions that can be 
followed in the same way every time to produce 
the same result. During the process of 
encryption, the instructions in the cipher are 
performed on the data to be encrypted. These 
steps change the readable data, or plaintext, into 
its unreadable, encrypted form, or cipher text. 
Some ciphers also need a key in order to work 
on data. A key is a small piece of data that is 
used to customize each cipher. Each time a 
particular cipher is used, the key is changed. 
This allows a cipher to be used more than once 
without compromising its integrity. If a 
particular cipher was widely used and could be 
decrypted without a key, it wouldn't be secure. 
Anyone would be able to decrypt any data 
encrypted with this cipher. If keys didn't exist, a 
person would have to write a new cipher every 
time he or she wanted to encrypt a piece of data! 
It is very easy to generate a key, but very 
difficult to write a secure, effective cipher 

Encryption has been in use for thousands of 
years. The earliest known encryption was found 
engraved on Egyptian monuments from around 
2500 B.C. Hebrew scholars used simple 
alphabetic substitutions, in which one letter of 
the alphabet stands for one other letter, with no 
letters standing for more than one and no letters 
being omitted. The ancient Greeks used 
encryption to transmit military messages. 
Encryption was used heavily during World War 
II to obscure radio transmissions and telegrams 



know, so that the cipher text message can be 
returned to its original, plain text form. In its 
cipher form, a message cannot be read by 
anyone but the intended receiver. The act of 
converting a plain text message to its cipher text 
form is called enciphering. Reversing that act 
(i.e., cipher text form to plain text message) is 
deciphering. Enciphering and deciphering are 
more commonly referred to as encryption and 
decryption, respectively. There are a number of 
algorithms for performing encryption and 
decryption, but comparatively few such 
algorithms have stood the test of time. The most 
successful algorithms use a key. A key is simply 
a parameter to the algorithm that allows the 
encryption and decryption process to occur. 
There are many modern key-based 
cryptographic techniques. These are divided into 
two classes: symmetric and asymmetric (also 
called public/private) key cryptography. In 
symmetric key cryptography, the same key is 
used for both encryption and decryption. In 
asymmetric key cryptography, one key is used 
for encryption and another, mathematically 
related key, is used for decryption 




Decryption 





Figure: 2 



Plaintext 
Hello World! 



Enayption 




Figure: 1 

Cryptography is an algorithmic process of 
converting a plain text or clear text message to a 
cipher text or cipher message based on an 
algorithm that both the sender and receiver 



2. Diffie Hellman Key Exchange 

It is a specific method of exchanging 
cryptographic keys. It is one of the earliest 
practical examples of key exchange implemented 
within the field of cryptography. The Diffie- 
Hellman key exchange method allows two 
parties that have no prior knowledge of each 
other to jointly establish a shared secret key over 
an insecure communications channel. This key 
can then be used to encrypt subsequent 
communications using a symmetric key cipher. 
The scheme was first published by Whitfield 
Diffie and Martin Hellman in 1976, although it 
had been separately invented a few years earlier 
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within GCHQ, the British signals intelligence 
agency, by James H. Ellis, Clifford Cocks and 
Malcolm J. Williamson but was kept 
classified, [citation needed] In 2002, Hellman 
suggested the algorithm be called Diffie- 
Hellman-Merkle key exchange in recognition of 
Markel's contribution to the invention of public- 
key cryptography (Hellman, 2002). Although 
Diffie-Hellman key agreement itself is an 
anonymous (non-authenticated) key-agreement 
protocol, it provides the basis for a variety of 
authenticated protocols, and is used to provide 
perfect forward secrecy in Transport Layer 
Security's ephemeral modes (referred to as EDH 
or DHE depending on the cipher suite). The 
method was followed shortly afterwards by 
RSA, an implementation of public key 
cryptography using asymmetric algorithms. 

The system... has since become known as Diffie- 
Hellman key exchange. While that system was 
first described in a paper by Diffie and me, it is a 
public key distribution system, a concept 
developed by Merkle, and hence should be 
called 'Diffie-Hellman-Merkle key exchange' if 
names are to be associated with it. I hope this 
small pulpit might help in that endeavor to 
recognize Markel's equal contribution to the 
invention of public key cryptography. 

A zero-knowledge proof (ZKP) is a proof of 
some statement which reveals nothing other 
than the veracity of the statement. The word 
"proof here is not used in the traditional 
mathematical sense. Rather, a "proof, or 
equivalently a "proof system", is an interactive 
protocol by which one party (called the prover) 
wishes to convince another party (called the 
verifier) that a given statement is true. In ZKP, 
the prover proves that he/she knows a secret 
without revealing it. Researches in zero- 
knowledge proofs has been motivated by 
authentication systems where one party wants to 
prove its identity to a second party via some 
secret information (such as a password) but 
doesn't want the second party to learn anything 
about this secret. This is called a "zero- 
knowledge proof of knowledge". However, a 
password is typically too small or insufficiently 
random to be used in many schemes for zero- 
knowledge proofs of knowledge. A zero- 



knowledge password proof is a special kind of 
zero- knowledge proof of knowledge that 
addresses the limited size of passwords. One of 
the most fascinating uses of zero-knowledge 
proofs within cryptographic protocols is to 
enforce honest behavior while maintaining 
privacy. Roughly, the idea is to enforce a user to 
prove, using a zero-knowledge proof, that its 
behavior is correct according to the protocol. 
Because of soundness, we know that the user 
must really act honestly in order to be able to 
provide a valid proof. Because of zero 
knowledge, we know that the user does not 
compromise the privacy of its secrets in the 
process of providing the proof. 

Diffie-Hellman key exchange algorithm was 
invented in 1976during collaboration between 
Whitfield Diffie and Martin Hellman and was 
the first practical method for establishing a 
shared secret between two parties (Alice and 
Bob) over an unprotected communications 
channel. The protocol uses the multiplicative 
group of integers modulo p <Zp*,x>, where p is 
a prime number. That simply means that the 
integers betweenl and p-1 are used with normal 
multiplication, exponentiation and division, 
except that after each operation the result keeps 
only the remainder after dividing by p. The two 
parties (Alice and Bob) need to choose two 
numbers p and g; where p 
(modulo) is a prime number and the second 
number g is a primitive root of order (p-1) in 
the group <Zp*,x> called the generator. The two 
numbers are public and can be sent through 
the Internet 



L Alice chooses a large random number .v, such that 0<x < 
p and calculate R t = g 1 mod p. 

2. Bob chooses another large random number y\ such that 
0<y <p and calculate = g mod p. 

3. Alice sends R s to Bob, 
4 Bob sends Rj to Alice. 

5. Alice computes K Alil . L . = (R 2 f mod p. 

6. Bob computes = {RjY mod p. 

Both Alice and Bob have arrived at the same key value; 

K A !i Ce - (Ryf modp = \g mod pf mod p=g x> mod p. 
Kfi.,,/>= (Rjf mod p = (g J mod pf mod p = g" mod p. 
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Figure- 3 Diffie-Hellrman Algorithm 



The proposed ZKP based on D-H key exchange 
algorithm in the sense that both parties (the 
prover and the verifier) exchange non secret 
information and did not revealing secrets to get 
one identical secret key. This means that the 
prover can prove to the verifier that he knows 
the secret. The proposed algorithm developed 
in two stages; in the first stage we develop a 
first version based on the basic D-H key 
exchange algorithm which is vulnerable to 
man-in-the-middle-attack. The second version 
has been developed to resists the man-in the- 
middle attack. The two versions will be 
describes below 



I) Alice (the prover) chooses a large random number x> 
such that 0<x <p and calculate Rj =g x mod p. 



2) Bob (the verifier) chooses another large random 
number y\ such that 0<y <p and calculate R 2 = g l 
mod p. 



3) Alice sends R; to Bob. 

4) Bob sends i? : to Alice. 

5) Alice (the prover), computes K Aikv = (Ryf modp, and 
send encrypted Rj to Bob using K A!ke (Q = E(K Aik€l 

6) Bob computes K M = (Rtf modp ) and calculate (C? = 
E{K Boh R 2 ))< 

7) Bob (the verifier) verify (C } = Q; if equal then Alice 
is accepted, otherwise it is rejected. 
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Figured Proposed ZKP Vers ion-1 



1) Alice (the prover) chooses a large random number .v, 
such that 0<x <p and calculate Ri = g x mod p. 

2) Alice sends R s to Bob. 

3) Bob (the verifier) chooses another large random number 
y, such that 0<y <p and calculate R 2 = g mod p t K Bob = 
(Rff modp, and C\ = E(Kb 0 ^ R:\ 

4) Bob sends {R? \ Cf) to Alice. 

5) Alice, calculates Kauk = (Rjf mod p, decrypt (Ry - 
D(K Alice* Q)) and verify (R 2 = Ry) . If they matched then 
she proceeds; otherwise the verifier is dishonest, 

6) Alice encrypt (d = E(K Aiicet Ri\Ri) and send it to Bob. 

7) Bob decrypt C_? to get R r and Ry 

8) Bob verify (72; = R t ): if they are equal then Alice is 
verified (Accepted), otherwise it is a dishonest prover 
(rejected), 



Alice 
Prove r 



Bob 
Vorlftor 




Cp and g are A 
pubic J 




Ri = g* mod p 



Rj|C, 



R 2 - g v mod p 
K ■ (Ri)' mod p 
C, = E<K. R,) 



K - | R. )■ mod p 

Rj' - 0(K.C,) 



— N 



Dishonest 



C-E(K. R,|R,> 
















Figure-5 Proposed ZKP Version-2 
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3. DES 

DES was the result of a research project set up by 
International Business Machines (IBM) 
Corporation in the late 1960's which resulted in a 
cipher known as LUCIFER. In the early 1970' s it 
was decided to commercialize LUCIFER and a 
number of significant changes were introduced. 
IBM was not the only one involved in these 
changes as they sought technical advice from the 
National Security Agency (NSA) (other outside 
consultants were involved but it is likely that the 
NSA were the major contributors from a 
technical point of view). The altered version of 
LUCIFER was put forward as a proposal for the 
new national encryption standard requested by 
the National Bureau of Standards (NBS). It was 
finally adopted in 1977 as the Data Encryption 
Standard -DES (FIPS PUB 46) DES (and most of 
the other major symmetric ciphers) is based on a 
cipher known astheFeistel block cipher. This was 
a block cipher developed by the IBM 
cryptography researcher Horst Feistel in the 
early 70's. It consists of a number of rounds 
where each round contains bit-shuffling, non- 
linear substitutions (S-boxes) and exclusive OR 
operations. Most symmetric encryption schemes 
today are based on this structure (known as a 
feistel network). As with most encryption 
schemes; DES expects two inputs - the plaintext 
to be en-crypted and the secret key. The manner 
in which the plaintext is accepted, and the key 
arrangement used for encryption and 
decryption, both determine the type of cipher it 
is. DES is therefore a symmetric, 64 bit block 
cipher as it uses the same key for both 
encryption and decryption and only operates on 
64 bit blocks of data at a time5(be they plaintext 
or cipher text). The key size used is 56 bits, 
however a 64 bit (or eight-byte) key is actually 
input. The least significant bit of each byte is 
either used for parity (odd for DES) or set 
arbitrarily and does not increase the security in 
any way. All blocks are numbered from left to 
right which makes the eight bit of each byte the 
parity bit. Once a plain-text message is received 
to be encrypted, it is arranged into 64 bit blocks 
required for input. If the number of bits in the 
message is not evenly divisible by 64, then the 
last block will be padded. Multiple permutations 
and substitutions are incorporated throughout in 
order to increase the difficulty of performing a 



cryptanalysis on the cipher. However, it is 
generally accepted that the initial and final 
permutations offer little or no contribution to the 
security of DES and in fact some software 
implementations omit them (although strictly 
speaking these are not DES as they do not 
adhere to the standard) 
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The sequence of events that occur during an 
encryption operation.DES performs an initial 
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permutation on the entire 64 bit block of data. It 
is then split into 2, 32 bit sub-blocks, Li and Ri 
which are then passed into what is known as 
around of which there are 16 Each of the rounds 
are identical and the effects of increasing their 
number is twofold - the algorithms security is 
increased and its temporal efficiency decreased. 
Clearly these are two conflicting outcomes and a 
compromise must be made. For DES the number 
chosen was 16, probably to guarantee the 
elimination of any correlation between the 
cipher text and either the plaintext or key. At the 
end of the 16th round, the 32 bit Li and RI output 
quantities are swapped to create what is known 
as the pre-output. This [R16, LI 6] concatenation 
is permuted using a function which is the exact 
inverse of the initial permutation. The output of 
this final permutation is the 64 bit cipher text. 
As shown in Figure, the 48-bit input word is 
divided into eight 6-bit words and each 6-bit 
word fed into a separate S-box. Each S-box 
produces a 4-bit output. Therefore, the 8 S-boxes 
together generate a 32-bit output. As you can 
see, the overall substitution step takes the 48 -bit 
input back to a 32-bit output. 

Each of the eight S-boxes consists of a 4 x 16 
table lookup for an output 4-bit word. The first 
and the last bit of the 6-bit input word are 
decoded into one of 4 rows and the middle 4 bits 
decoded into one of 16 columns for the table 
lookup. 



48 bits produced by XORing the output of the Expansion 
Permutation and the Round Key 
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5. SIMULATION RESULTS 



In this Work XILINX ISE 13.2 simulator used. 
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The Diffie-Hellman key exchange exploits 
mathematical properties to produce a common 
computational result between two (or more) 
parties wishing to exchange information, 
without any of them providing all the necessary 
variables. By agreeing on two variables and 
providing each other with a computed public 
key, the resulting secret key will be identical 
throughout the exchange. 

It is, of course, possible to intervene by either 
masquerading or by sheer brute force, but the 
first is a common concern — authentication — 
which must be addressed separately, and the 
second is, when done right, computationally 
infeasible. With proper authentication 
mechanisms, proper prime generation, and true 
randomness in picking variables, the D-H 
protocol can be a powerful component in many a 
security measure. Good implementations 
include usages in Secure Sockets Layer, Secure 
Shells, IP Security, and others. Passages on short 
introductory and background information, 
description, issues, as well as common usages 
were produced in this report, and it is hoped 
that they were all of sufficient clarity. The 
Shared secret key is generated using diffie- 
hellman algorithm using authentication to 
provide more security. That key we are going to 
use for symmetric encryption algorithm. In this 
paper we used DES algorithm for 
communication between two parties. 
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